git: 39f615e90ca3 - main - pf: rename the pf_pdesc field rh_cnt to badopts

Fri, 27 Sep 2024 15:17:30 -0700 

The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=39f615e90ca3fc6207dd0419a69a859e563e1de0

commit 39f615e90ca3fc6207dd0419a69a859e563e1de0
Author:     Kristof Provost <[email protected]>
AuthorDate: 2024-09-11 12:46:51 +0000
Commit:     Kristof Provost <[email protected]>
CommitDate: 2024-09-27 20:13:23 +0000

    pf: rename the pf_pdesc field rh_cnt to badopts
    
    It is also used for IPv4 options now.
    ok mcbride@ henning@
    
    Reviewed by:    zlei
    Obtained from:  OpenBSD, bluhm <[email protected]>, 4fe6abd45f
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D46650
---
 sys/net/pfvar.h     | 2 +-
 sys/netpfil/pf/pf.c | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/sys/net/pfvar.h b/sys/net/pfvar.h
index c4553e6f380f..f5551447f7aa 100644
--- a/sys/net/pfvar.h
+++ b/sys/net/pfvar.h
@@ -1611,7 +1611,7 @@ struct pf_pdesc {
        struct pf_rule_actions  act;
 
        u_int32_t        p_len;         /* total length of payload */
-       u_int32_t        rh_cnt;        /* Route header count */
+       u_int32_t        badopts;       /* v4 options or v6 routing headers */
 
        u_int16_t       *ip_sum;
        u_int16_t       *proto_sum;
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 8072207ef5dd..823e90384747 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -8600,7 +8600,7 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc 
*pd, struct mbuf *m,
                pd->act.rtableid = -1;
 
                if (h->ip_hl > 5)       /* has options */
-                       pd->rh_cnt++;
+                       pd->badopts++;
 
                /* fragments not reassembled handled later */
                if (h->ip_off & htons(IP_MF | IP_OFFMASK))
@@ -8643,7 +8643,7 @@ pf_setup_pdesc(sa_family_t af, int dir, struct pf_pdesc 
*pd, struct mbuf *m,
                        case IPPROTO_ROUTING: {
                                struct ip6_rthdr rthdr;
 
-                               if (pd->rh_cnt++) {
+                               if (pd->badopts++) {
                                        DPFPRINTF(PF_DEBUG_MISC,
                                            ("pf: IPv6 more than one rthdr"));
                                        *action = PF_DROP;
@@ -9236,7 +9236,7 @@ pf_test(sa_family_t af, int dir, int pflags, struct ifnet 
*ifp, struct mbuf **m0
 done:
        PF_RULES_RUNLOCK();
 
-       if (action == PF_PASS && pd.rh_cnt &&
+       if (action == PF_PASS && pd.badopts &&
            !((s && s->state_flags & PFSTATE_ALLOWOPTS) || r->allow_opts)) {
                action = PF_DROP;
                REASON_SET(&reason, PFRES_IPOPTIONS);

Reply via email to